Symantec Blogs: Security Response

Gilou Tenebro | October 14th, 2009

Trojan.Bredolab is a threat that has been distributed widely and consistently this year. This research paper takes a closer look at the Trojan to discover how it works, why it’s so widespread, and the motivations behind it.

In short, Bredolab is distributed by spam emails and drive-by-download attacks. (In fact, last month we blogged about a wave of spam emails used to distribute it.) Once it’s on a computer, Bredolab downloads and installs a variety of other threats. This process is outlined in the following diagram.
 
[Diagram: bredo_attacks_BN.jpg, the Bredolab distribution and download process]

We have seen Bredolab downloading password stealers, bots, rootkits, backdoors,...

Gilou Tenebro | July 3rd, 2009

W32.Waledac has launched a new spam campaign using a 4th of July theme. Below are some screenshots of sample spam emails with the new theme.

[Screenshots: three sample spam emails using the 4th of July theme]

If the unsuspecting user clicks the link in the email, they will be directed to a Web page similar to the following:

[Screenshot: the landing Web page linked from the spam email]

The page claims to contain a video of a fireworks show for this year’s 4th of July celebration. However, clicking on the "video" actually leads to a W32.Waledac executable. Watch out for spam containing any of the following strings...